Hackers continue to exploit outdated browser plug-ins

Hackers are aware that large amounts of users continue to run outdated plug-ins and use these as an easy attack vector

Zscaler ThreatLabZ, the research arm of cloud security firm Zscaler, observed that Adobe Shockwave was the most outdated browser plug-in during the third quarter of 2011, with 94% of those installed being outdated.

According to its most recent '2011 State of the Web' report, there was a dramatic shift in the fourth quarter. Shockwave is down to 52% outdated of all installed, and Adobe Reader now tops the list at 61%. Hackers are aware that large amounts of users continue to run outdated plug-ins and use these as an easy attack vector, the report warned.

Botnets comprised the majority of threats seen in December, at 80% of Zscaler blocks. Malicious URLs followed far behind at 14%, while a mere 3% of threats blocked were identified by anti-virus/signature detection.

The report found that enterprises are moving to the more secure Internet Explorer 8. The use of IE 8 has more than doubled in the enterprise over 2011, from 26% of overall IE traffic in January to 55% in December. The report noted that while enterprises are moving to newer and more secure web browsers, IE 9 adoption remains very low.

Overall, IE use in the enterprise followed a slow decline, down to 53% in the fourth quarter from 58% in the third quarter. Meanwhile, Chrome usage saw a big jump from 0.17% of all web browser use in the third quarter to 5% in the fourth quarter, while Safari saw a decline from 7% in third quarter to 4% in the fourth quarter. Firefox usage remained constant at 10%.

In addition, Zscaler ThreatLabZ observed an 85% increase in mobile traffic during the fourth quarter. iPhone and Android devices dominated mobile traffic, accounting for about 87% of such, while Blackberry use fell sharply from 27% to 13% over the quarter.